Bug#364526: debian-installer: Please implement a password-checking module

To: 364526@bugs.debian.org
Subject: Bug#364526: debian-installer: Please implement a password-checking module
From: Christian Perrier <bubulle@kheops.frmug.org>
Date: Tue, 25 Apr 2006 01:31:39 +0200
Message-id: <[🔎] 20060424233139.GI9326@djedefre.onera>
Reply-to: Christian Perrier <bubulle@kheops.frmug.org>, 364526@bugs.debian.org

> There are two ways to do this:
> 
> - the hard way, like Owl [1], which implements a password checking module 
>   (pam_passwdqc, which was written by Solar Designer) and goes even
>   further by proposing random passwords if the user is unable to provide
>   one.
> 
> - the simple way, see attached code, which just tries to flags vulnerable
>   passwords 


I think this is an intersting suggestion. 

The only drawback I see is sounding a little bit annoying to our
users, especially the less skilled ones but, well, this is about
security and we have to use some pedagogy..:)

About the implementation, I'm not sure that I'm fond of the perl
scripting, mostly because the advantage of D-I is its easy
"hackability" for testing purposes....

I'd better see this integrated in user-setup-ask but my opinion does
not have to be the only one here....as I'm perfectly unable to do the
job, so the final decision is up to the one doing the job, I mean you,
Javier..

I prefer the "simple" method which is probably enough.

This will require writing a new template for warning users about weak
passwords. I suggest of course a boolean one, so that people who
insist on using weak password can do it.

Reply to:

Prev by Date: debian-installer-utils_1.27_i386.changes ACCEPTED
Next by Date: Bug#364638: Invalid characters in short user name need reboot
Previous by thread: Bug#364526: debian-installer: Please implement a password-checking module
Next by thread: Processed: reassign 364526 to user-setup
Index(es):
- Date
- Thread